need help with repeated trojan infections


  • This topic is locked
3 replies to this topic

#1 BMSMA

  • Members
  • 5 posts

Posted 06 July 2011 - 08:07 PM

Sorry, I'm tired, frustrated and a noob to this forum. I originally posted the details here. Maybe a mod could move it over here where it belongs.

Thanks.

EDIT: see info here
http://www.bleepingcomputer.com/forums/topic408138.html/page__gopid__2323721#entry2323721

I tried to follow the Prep Guide but couldn't get DDS to run on my computer. Comodo is refusing it as heuristic. Stupid thing can't keep out the real trojans, but it's blocking this... The Defense+ feature was telling me I MUST block it because it is malicious! I temporarily supposedly disabled everything and it still blocked it. Also, I kept getting an Opera error message stating "no registered application for this extension." I ran RSIT instead at the recommendation of boopme.

BTW, I should mention that I had Defense+ and the new Sandbox disabled at the time of the infection, if that makes any difference, which I suppose it might. I had turned it off at some point to use fewer system resources because I have an old system and didn't turn it back on.

Here is my RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-07-06 22:52:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (60%) free of 42 GB
Total RAM: 2046 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:19 PM, on 7/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\T-Clock 2010\Win32\Clock.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Documents and Settings\Owner\Desktop\gmer.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0b5d8888-667a-4edd-b1b2-b9aeb763c04b} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"
O4 - HKCU\..\Run: [WeatherWatcher] "C:\Program Files\Weather Watcher\ww.exe"
O4 - S-1-5-18 Startup: AutorunsDisabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stoic Joker's T-Clock 2010.lnk = C:\Program Files\T-Clock 2010\Win32\Clock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutorunsDisabled (User 'Default user')
O4 - .DEFAULT Startup: Stoic Joker's T-Clock 2010.lnk = C:\Program Files\T-Clock 2010\Win32\Clock.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: Stoic Joker's T-Clock 2010.lnk = C:\Program Files\T-Clock 2010\Win32\Clock.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252638469559
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252638674794
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7828 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b5d8888-667a-4edd-b1b2-b9aeb763c04b}]
C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F3209E2-334B-41E9-B09C-703F398742E7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-09 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AD4A42-BA52-47BC-89DF-3F68F24C017F}]
TMIEGBHO Class - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll [2011-02-25 181776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C8137A8D-415D-450C-A1B1-D0C519D45296} - TMBGBAR TOOLBAR - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll [2011-02-25 153104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-11 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-11 118784]
""= []
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2009-10-16 904840]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-10-28 1352272]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-06-30 2554696]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2006-02-07 40960]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Trend Micro Browser Guard"=C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE [2011-02-25 787984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"=C:\Program Files\Weather Watcher\ww.exe [2009-07-07 1110016]
"DW6"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SgtSch2Svc"=2

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
AutorunsDisabled
Stoic Joker's T-Clock 2010.lnk - C:\Program Files\T-Clock 2010\Win32\Clock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-11 339968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoSMMyDocs"=0x01000000
"NoSMMyPictures"=0x01000000
"NoDriveAutoRun"=0x00008002
"NoSharedDocuments"=0x01000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera 9\opera.exe"="C:\Program Files\Opera 9\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"X:\Program Files\Opera 9\opera.exe"="X:\Program Files\Opera 9\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera\Opera 10.52\opera.exe"="C:\Program Files\Opera\Opera 10.52\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera 10.5x\opera.exe"="C:\Program Files\Opera 10.5x\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Release\Frontier.exe"="D:\Release\Frontier.exe:*:Enabled:Frontier Gateway Installation Wizard"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-07-06 22:52:34 ----D---- C:\rsit
2011-07-06 19:42:29 ----D---- C:\Program Files\Trend Micro
2011-07-06 19:29:57 ----A---- C:\WINDOWS\system32\gdiplus.dll
2011-07-06 19:28:45 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2011-07-04 11:50:45 ----D---- C:\WINDOWS\ie7updates
2011-07-04 11:38:06 ----HD---- C:\Program Files\Uninstall Information
2011-07-04 01:23:11 ----D---- C:\WINDOWS\WBEM
2011-07-04 01:22:55 ----D---- C:\WINDOWS\Offline Web Pages
2011-07-04 01:21:07 ----HDC---- C:\WINDOWS\ie7
2011-07-04 01:20:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2011-07-04 01:19:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2011-06-29 19:58:23 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2011-06-29 02:03:28 ----D---- C:\WINDOWS\temp
2011-06-20 13:21:06 ----D---- C:\Program Files\T-Clock 2010
2011-06-09 04:02:34 ----D---- C:\Program Files\Common Files\Java
2011-06-09 04:02:11 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-09 04:02:11 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-09 04:02:10 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2011-07-06 22:42:09 ----D---- C:\WINDOWS\Prefetch
2011-07-06 21:50:20 ----D---- C:\Documents and Settings\Owner\Application Data\Jarte
2011-07-06 21:46:27 ----D---- C:\Documents and Settings\Owner\Application Data\WeatherWatcher
2011-07-06 19:53:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-06 19:52:28 ----D---- C:\WINDOWS
2011-07-06 19:43:00 ----SHD---- C:\WINDOWS\Installer
2011-07-06 19:42:29 ----D---- C:\Program Files
2011-07-06 19:36:58 ----D---- C:\Program Files\Comodo
2011-07-06 19:29:57 ----D---- C:\WINDOWS\system32
2011-07-06 18:18:59 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-06 13:02:23 ----D---- C:\WINDOWS\I386
2011-07-06 11:23:07 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-06 10:38:50 ----D---- C:\WINDOWS\system32\oobe
2011-07-06 10:32:24 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-05 12:52:07 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-07-04 22:54:18 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2011-07-04 12:10:07 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2011-07-04 11:53:39 ----D---- C:\Program Files\Internet Explorer
2011-07-04 11:52:31 ----HD---- C:\WINDOWS\inf
2011-07-04 11:52:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-04 11:52:04 ----D---- C:\WINDOWS\system32\en-us
2011-07-04 11:49:28 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-04 11:46:47 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-04 11:37:22 ----D---- C:\WINDOWS\Help
2011-07-04 01:23:22 ----D---- C:\WINDOWS\system32\config
2011-07-04 01:22:54 ----D---- C:\WINDOWS\Media
2011-07-03 19:39:24 ----D---- C:\Program Files\XMPlay
2011-07-02 13:15:21 ----D---- C:\Program Files\uTorrent
2011-06-30 04:37:25 ----A---- C:\WINDOWS\system32\guard32.dll
2011-06-29 20:15:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-06-29 11:37:00 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2011-06-29 00:35:18 ----D---- C:\Program Files\Opera
2011-06-29 00:34:38 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2011-06-28 23:56:13 ----D---- C:\WINDOWS\repair
2011-06-28 23:56:01 ----D---- C:\WINDOWS\Registration
2011-06-28 23:54:04 ----D---- C:\WINDOWS\system32\spool
2011-06-28 23:51:51 ----D---- C:\Program Files\Beyond Compare 3
2011-06-28 23:51:17 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-06-28 23:51:00 ----D---- C:\WINDOWS\WinSxS
2011-06-28 22:43:53 ----D---- C:\Program Files\CCleaner
2011-06-20 12:53:51 ----D---- C:\Program Files\Mozilla Firefox
2011-06-19 13:34:33 ----D---- C:\Program Files\Creative
2011-06-19 13:34:31 ----D---- C:\WINDOWS\system32\drivers
2011-06-18 20:46:05 ----RSD---- C:\WINDOWS\Fonts
2011-06-18 01:39:43 ----D---- C:\Program Files\VideoLAN
2011-06-17 17:46:16 ----D---- C:\WINDOWS\Debug
2011-06-17 16:44:29 ----RD---- C:\Program Files\Skype
2011-06-17 16:44:25 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2011-06-17 16:44:25 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-06-17 16:44:13 ----D---- C:\Program Files\Common Files
2011-06-15 12:57:34 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-15 12:57:11 ----RSD---- C:\WINDOWS\assembly
2011-06-15 12:50:01 ----ASH---- C:\boot.ini
2011-06-15 10:41:00 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-15 10:32:15 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-15 10:29:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-09 04:01:55 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-06-09 04:01:52 ----D---- C:\Program Files\Java
2011-06-08 19:04:38 ----D---- C:\Program Files\Weather Watcher
2011-06-07 12:41:29 ----D---- C:\Program Files\Speccy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 DevUpper;TI UltraMedia CardBus Controller Filter Driver; C:\WINDOWS\system32\DRIVERS\tiumflt.sys [2002-12-10 7552]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-06-30 97504]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 rmedia;Ricoh MediaCard Driver; C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-21 65664]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-04-29 132224]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2010-04-29 368480]
R0 timounter;Seagate DiscWizard Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-04-29 441760]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2011-06-30 17416]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-06-30 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-06-30 29400]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2010-08-24 10448]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-10-06 15781]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 tifsfilter;Seagate DiscWizard FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-04-29 44384]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-08-21 156160]
R3 GTICARD;GTICARD; C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-10-23 76160]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-11 681469]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [2010-08-24 10448]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2010-08-24 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2010-08-24 37328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-08-29 52080]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-02 4816]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
S3 EMCFILT;Alcor Micro Corp for Emachine- 9361; \??\C:\WINDOWS\System32\Drivers\EMcFilt.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-10-15 1043072]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-14 65280]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-14 612032]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 ugldqpow;ugldqpow; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\ugldqpow.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-03 1646720]
S4 DrvSnSht;DrvSnSht; C:\WINDOWS\system32\drivers\DrvSnSht.sys []
S4 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-10-27 23936]
S4 ntcdrdrv;ntcdrdrv; C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S4 R-ImageDisk;R-ImageDisk; C:\WINDOWS\system32\drivers\R-ImageDisk.sys []
S4 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S4 SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS []
S4 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S4 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []
S4 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S4 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-06-30 1793712]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\wltrysvc.exe [2004-07-09 45056]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S3 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2011-01-10 399416]
S4 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-10-28 293456]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 431456]

-----------------EOF-----------------

Here's my GMER log:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-07 10:04:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160821A rev.3.ALC
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB1AD68B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB1AD5E48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB1AD6518]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB1AD7126]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB1AD5D28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB1AD91E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB1AD9568]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB1AD5714]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB1AD6A9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB1AD6C9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB1AD551A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB1AD7864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB1AD7ABA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB1AD8BF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB1AD6110]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB1AD66F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB1AD7116]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB1AD5148]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB1AD63B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB1AD534C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB1AD7CC8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB1AD811C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB1AD7EDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB1AD767C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB1AD868C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB1AD8940]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB1AD6EEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB1AD8EE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB1AD73F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB1AD607A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB1AD62A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB1AD5B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB1AD5918]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 395 804E2A01 3 Bytes [89, AD, B1]
.text ntoskrnl.exe!_abnormal_termination + 40C 804E2A78 4 Bytes [E8, 8E, AD, B1]
init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xF798DD00]
init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xF77834C0]
init C:\WINDOWS\system32\DRIVERS\gticard.sys entry point in "init" section [0xB17B9B20]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Weather Watcher\ww.exe[288] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Weather Watcher\ww.exe[288] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003ACF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003B1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003B1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003BDF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003BE410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\T-Clock 2010\Win32\Clock.exe[468] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 003BE1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[704] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\HidFind.exe[864] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apntex.exe[872] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apntex.exe[872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apntex.exe[872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apntex.exe[872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apntex.exe[872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apntex.exe[872] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apntex.exe[872] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apntex.exe[872] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[996] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1008] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1172] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1268] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1368] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1368] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1424] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1564] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B5680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003ACF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B26F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B3280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003B1220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003B1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003BDF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003BE410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\bcmwltry.exe[1748] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 003BE1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1768] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[1868] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[1868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[1868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[1868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[1868] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[1868] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\CTsvcCDA.exe[1868] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1916] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1936] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0086CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00875680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0086CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008726F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00873280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00871220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00871B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0087DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0087E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\hkcmd.exe[1960] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0087E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apoint.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apoint.exe[1968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apoint.exe[1968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apoint.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apoint.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apoint.exe[1968] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apoint.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Apoint\Apoint.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00D3CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D45680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D3CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D426F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D43280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00D41220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00D41B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00D4DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00D4E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[1976] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00D4E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2000] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\wltrysvc.exe[2020] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\wltrysvc.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\wltrysvc.exe[2020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\wltrysvc.exe[2020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\wltrysvc.exe[2020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\wltrysvc.exe[2020] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\wltrysvc.exe[2020] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\wltrysvc.exe[2020] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!WinExec 7C86250D 2 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!WinExec + 3 7C862510 2 Bytes [7C, 93] {JL 0xffffffffffffff95}
.text C:\Program Files\Opera\opera.exe[2236] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Opera\opera.exe[2236] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2280] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2280] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2280] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2280] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2596] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[2812] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3140] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\VCOM\PowerDesk\PDExplo.exe[3168] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail@MessageExpiryDays 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\kview@frontiernet.net
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\kview@frontiernet.net@MessageCount 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\kview@frontiernet.net@TimeStamp 0xE0 0x5E 0xCF 0x8E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\kview@frontiernet.net@Application msimn

---- Files - GMER 1.0.15 ----

File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\dds (1).scr 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\dds (1).scr.info 258 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\dds.scr 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\dds.scr.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\dds.scr1 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\dds.scr1.info 138 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\dds.scr2 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\dds.scr2.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\opr00RSE.tmp 89402 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\opr00RSE.tmp.info 304 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\opr00RSS.tmp 5124 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\opr00RSS.tmp.info 296 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\opr00SV7.tmp 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\opr00SV7.tmp.info 256 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\opr00T1S.tmp 607017 bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\opr00T1S.tmp.info 256 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\~DFA75.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~Budapest

Attached Files

  • Attached File: info.txt (16.68KB)

Edited by Budapest, 16 July 2011 - 04:22 PM.



#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • Gender:Male
  • Local time:04:44 AM

Posted 23 July 2011 - 08:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Thanks and again sorry for the delay.

DR

#3 BMSMA

BMSMA
  • Topic Starter

  • Members
  • 5 posts
  • Gender:Not Telling
  • Local time:03:44 AM

Posted 23 July 2011 - 11:53 AM

Thanks for your time, but I think I did finally manage to get everything cleaned up. As I described in a previous post, I couldn't get DDS to run, anyway. Opera browser seems to hang up briefly fairly regularly, but I attribute that to added extensions and having a ton of bookmarks and notes that I need to clear out. Comodo, Malwarebytes and Spybot S&D all come up clean.

#4 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • Gender:Male
  • Location:The United States
  • Local time:03:44 AM

Posted 24 July 2011 - 12:52 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please send me a PM with the address of this thread.

Everyone else please begin a New Topic.
